Security

All user and internal access of data is through a secure HTTPS connection protocol verified with a Comodo security certificate.

General Data Protection Regulation (GDPR)
This regulation does not apply directly to VayK Gear as our business is conducted and based outside of EU countries nor do we specifically target the selling of goods and services to customers or businesses in the EU. However, we are watching the regulation and how it may effect us in the future. At this time, we believe our security and privacy practices are inline or above similar US companies.

Secure online payment, refunds, etc. are made through Authorize.net using the Authorize.net SDK with verification of SSL required for transaction.

Server Security & Backups

We utilize dedicated servers and run regular off-site backups. We do not share server access or resources with any third-parties.

We run Ubuntu (14.04 AMD64) Linux servers that are extensively hardened and tested against security exploits. All unnecessary services are disabled, all security patches are up-to-date, and servers are audited regularly for attempted break-ins. Our systems administrators actively maintain awareness of new security developments, and as Open Source systems, Ubuntu are easy to update with new protections.

Our network is overbuilt with spare capacity and redundancy. Our custom network monitoring systems ensure that attacks and other anomalies are identified and responded to promptly.

Sensitive Data Storage

We do not store a full credit card number in our database, though the user does enter it when ordering.

We store limited guest information which includes (First & Last name, Travel Dates, Booking Date, City, State, Phone, Email, Property). Upon client request, we can exclude the following: First Name Only, Phone, Email, City, State Zip.

2 Weeks after guest checkout, the email address is deleted from the reservation data, but remains on their gear order if an order exists.

Sensitive Data Access

All access to user data is password protected, and user access controlled. All administration takes place via a secure HTTPS connection protocol.